🌿 What we collect

Spillit is designed to collect as little as possible:

• Confession & reply content — the text you post, stored in our database. It contains no information that identifies you unless you choose to include it yourself.
• An anonymous session token — a random ID stored as a cookie in your browser (spillit_sid). Used only to prevent duplicate likes and track your room membership. It contains no personal data and cannot be used to identify you.
• Your IP address — used temporarily in memory for rate limiting (to prevent spam). It is never stored in our database.
• Category, timestamp, and country code — recorded when a confession is posted to support filtering by world and the local/global region toggle.
• Media uploads — if you attach a photo or video, it is stored via Cloudinary (for videos) or as encoded data (for images). No personal metadata is extracted.

🚫 What we don't collect

• Your name, email address, or phone number
• Your precise location or device fingerprint
• Your browsing history or activity outside Spillit
• Any account credentials — there are no accounts
• Advertising identifiers or tracking pixels

🍪 Cookies

We use a single cookie: spillit_sid. It is:

• httpOnly — JavaScript on the page cannot read it
• Signed — tamper-evident, server-verified
• Anonymous — a random UUID with no connection to your identity
• Long-lived — expires after 1 year so your preferences persist

We do not use advertising cookies, analytics cookies, or third-party tracking cookies.

📦 How data is used

The data we collect is used only to operate Spillit:

• Confession content is displayed publicly in the feed or within the room it was posted to
• The session token enforces one-like-per-person on confessions and replies
• Reaction, reply, and like counts are public
• Reported confessions are reviewed by our admin for moderation
• Country codes power the optional Global/Local region toggle — they are not stored against your session

We never sell, share, or transfer your data to third parties for advertising or any commercial purpose.

🏠 Rooms & communities

When you create or visit a Room, your anonymous session ID is used to identify you as the creator (for moderation purposes) and to track membership. This session ID is not linked to your identity in any way outside of Spillit.

Posts within private rooms are only visible to members of that room. Public rooms are visible to all users.

🗑️ Data retention & deletion

• Confessions marked "Disappears in 24h" are automatically removed after 24 hours
• Other confessions remain until deleted by our admin team following a report
• Because confessions carry no identity, we cannot look up or delete posts by user — if you need content removed, use the Report button on the confession
• Room posts follow the same rules as regular confessions

🌍 Third-party services

Spillit uses the following third-party services:

• Google Fonts — to load typefaces. Your browser makes a request to Google's servers on page load. Google's privacy policy applies to that request.
• Cloudinary — for video uploads. When you attach a video to a confession, it is uploaded to Cloudinary for storage and delivery. Cloudinary's privacy policy applies.
• Tenor (via Google) — for the GIF picker in rooms. Searches are sent to Tenor's API. Tenor's privacy policy applies.

We use no advertising networks, analytics platforms, or other tracking services.

👶 Children's privacy

Spillit is intended for users aged 13 and over. We do not knowingly collect information from children under 13. If you believe a child has submitted content, please use the Report button or contact us.

✉️ Contact

Questions about this privacy policy? Reach out at privacy@spillit.app. We'll do our best to respond within 5 business days.